Apple Patches Eight QuickTime Flaws
By Ed Oswald | Published July 13, 2007, 12:25 PM
Apple released an update to its QuickTime media player on Friday, patching eight security flaws in the application including code execution and information disclosure risks. Both Mac OS X and Windows are affected.
The first four flaws involve specially crafted H.264, movie, .m4v, or SMIL files that could lead to an unexpected application termination and/or arbitrary code execution. The first two involve a memory corruption issue, while the latter two are caused by integer overflow vulnerabilities.
In all cases, Apple has fixed the problem by forcing QuickTime to perform additional validation of files before allowing them to play.
The last four fixes address various flaws within QuickTime for Java that would allow for arbitrary code to be executed by visiting a malicious Web site. The first of these could allow for security checks to be disabled, while another may allow an attacker to bypass those checks.
Attackers could capture a client's screen content in another flaw, while the final Java flaw involves JDirect. To fix these issues, Apple has implemented additional validation checks for Java applets, while also removing support for JDirect from QuickTime for Java.
In the screen content disclosure flaw, Apple says it has fixed QuickTime for Java by having it perform a "more accurate" access control check.
The update is available for Mac OS X 10.3.9, Mac OS X 10.4.9 or later, as well as Windows XP SP2 and Vista.
Score: 0
|Wow, MSFT just patched 7 whole flaws, covering 2 OS's and an Office suite. With 8 flaws for a simple media player that most only use to play one proprietary format, I'm just glad Apple isn't in the PC OS game, or it could be "game over" for all of us ;)
Score: 0
|Yawn...
Score: 0
|Pfff.... QuickTime 7.2 requires XP or Vista; it doesn't run on Windows 2000. Shame! :(
Score: 0
|Um, old news. The recent update to QuickTime 7.2 came out earlier this week, not Friday.
Score: 0
|Even the very recently released QuickTime 7.2 is caught up in this?
(Why can't we just get rid of QuickTime? It's so "yesterday.")
Score: 0
|No, QuickTime 7.2 is what fixes these flaws.
Score: 0
|You can. Use QuickTime Alternative.
Score: 0
|Development for QTA has stopped. In fact it has vulnerable code that people should not use.
Score: 0
|Looks like the Mac/*nix vs. Windows security debate can finally be put to rest. All complex software has vulnerabilities and can be exploited.
The only question now is response: how long it takes the respective companies to fix them once they're found.
Score: 0
|very weak attempt at trolling, nub
Score: 0
|Hmmm...
Post a comment related to the article on how the content might affect the people discussing and posing a possible metric that could be used to base merit upon.
-or-
Call someone a name and act like a 3 year-old...
Nice to see you're at least being consistent, El Dingo.
Score: 0
|Hm, considering he made a statement and you just typed in nothing that had anything whatsoever to do with the article, you would be the troll.
He basically said nothing is immune; everything has its weaknesses, no matter who it is. He is right.
Score: 0
|"Looks like the Mac/*nix vs. Windows security debate can finally be put to rest. All complex software has vulnerabilities and can be exploited."
I'm not a fanboi; I use all three OS'es. Thought I would get that out of the way first.
In response to your statement, you are correct, complex software does have vulnerabilities. But I feel that there is a difference between the security of the OS and the security of the software written "for" the OS.
If Skype had an exploit written for it I could not blame Microsoft, or say that it is because of Windows. The same is with QuickTime, it is a problem with a program that runs on the OS, not the OS itself.
So your statement that it has put it all to rest is not true.
But let's be honest, the reason why Windows is exploited so much more is because it is on 90 odd percent of the world's computers. I use Ubuntu as my main OS, and until such time it comes under attack like Windows does then I will carry on using it.
Just my two cents as you Americans say.
Score: 0
|Sounds exactly like what you did in the Mac Office thread. Glad you understand why I was calling you a troll over there too. nub PC_Troll
Score: 0
|Indeed. FOSS ones get fixed as and when people can be arsed to get around to it. There's stuff in Linux distros that's been outstanding for donkey's years. Whereas MS has a financial interest in getting them sorted.
Score: 0
|Yes.
Obviously, by posting actual information, being mature, and backing up my statements with logic, I was trolling.
We should *all* be more like you and throw insults, ignore logic and fact, and generally act like 3 year olds.
What a wonderful place this would be then...
Score: 0
|Nah, you got it.
Score: 0
|"We should *all* be more like you and throw insults, ignore logic and fact, and generally act like 3 year olds."
I think you just described the betanews forums...
Score: 0